diff --git a/security/Makefile b/security/Makefile index f30ed7acf4c2..694b4f4e176e 100644 --- a/security/Makefile +++ b/security/Makefile @@ -345,6 +345,7 @@ SUBDIR += openssh-askpass SUBDIR += openssh-portable SUBDIR += openssl + SUBDIR += openssl_tpm_engine SUBDIR += openvas-client SUBDIR += openvas-libnasl SUBDIR += openvas-libraries diff --git a/security/openssl_tpm_engine/Makefile b/security/openssl_tpm_engine/Makefile new file mode 100644 index 000000000000..02e6dfa6243b --- /dev/null +++ b/security/openssl_tpm_engine/Makefile @@ -0,0 +1,41 @@ +# New ports collection makefile for: openssl_tpm_engine +# Date created: 18 Sep 2007 +# Whom: Sebastian Schuetz +# +# $FreeBSD$ +# + +PORTNAME= openssl_tpm_engine +PORTVERSION= 0.4.1 +CATEGORIES= security +MASTER_SITES= SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION} + +MAINTAINER= nork@freebsd.org +COMMENT= OpenSSL TPM engine + +RUN_DEPENDS= ${LOCALBASE}/sbin/tcsd:${PORTSDIR}/security/trousers +LIB_DEPENDS= tspi.2:${PORTSDIR}/security/trousers + +USE_GMAKE= YES +GNU_CONFIGURE= YES +MAKE_JOBS_SAFE= YES +USE_AUTOTOOLS= autoconf:268 libtool:22 +CONFIGURE_ENV= LDFLAGS="-L${LOCALBASE}/lib" + +SUB_FILES= pkg-message + +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/LICENSE + +.include +CFLAGS+= -I${LOCALBASE}/include + +post-patch: + @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/openssl.cnf.sample + +post-install: + @[ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR} + @${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${EXAMPLESDIR} + @${CAT} ${PKGMESSAGE} + +.include diff --git a/security/openssl_tpm_engine/distinfo b/security/openssl_tpm_engine/distinfo new file mode 100644 index 000000000000..63a7efe1946d --- /dev/null +++ b/security/openssl_tpm_engine/distinfo @@ -0,0 +1,2 @@ +SHA256 (openssl_tpm_engine-0.4.1.tar.gz) = 01d1244f1985d5ba1720a64d04de9080acd9b1c08cc04a2f1b7beb6850deae67 +SIZE (openssl_tpm_engine-0.4.1.tar.gz) = 648249 diff --git a/security/openssl_tpm_engine/files/patch-e_tpm.c b/security/openssl_tpm_engine/files/patch-e_tpm.c new file mode 100644 index 000000000000..03f31cd1a973 --- /dev/null +++ b/security/openssl_tpm_engine/files/patch-e_tpm.c @@ -0,0 +1,373 @@ +http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com +http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.camel%40macbook.infradead.org + +--- e_tpm.c.orig 2007-02-06 05:32:10.000000000 +0900 ++++ e_tpm.c 2010-11-01 00:13:51.370858197 +0900 +@@ -35,9 +35,6 @@ + #include + + #include +-#include +-#include +-#include + #include + #include + #include +@@ -45,6 +42,7 @@ + #include + + #include // XXX DEBUG ++#include // XXX DEBUG + + #include "e_tpm.h" + +@@ -77,6 +75,11 @@ + static const char *TPM_F_Policy_SetSecret = "Tspi_Policy_SetSecret"; + static const char *TPM_F_Policy_AssignToObject = "Tspi_Policy_AssignToObject"; + ++/* Added by c.hol...@sirrix.com */ ++static const char *TPM_F_PcrComposite_SelectPcrIndex = "Tspi_PcrComposite_SelectPcrIndex"; ++static const char *TPM_F_TPM_Quote = "Tspi_TPM_Quote"; ++static const char *TPM_F_NV_ReadValue = "Tspi_NV_ReadValue"; ++ + /* engine specific functions */ + static int tpm_engine_destroy(ENGINE *); + static int tpm_engine_init(ENGINE *); +@@ -106,6 +109,8 @@ + #define TPM_CMD_SO_PATH ENGINE_CMD_BASE + #define TPM_CMD_PIN ENGINE_CMD_BASE+1 + #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2 ++#define TPM_CMD_QUOTE ENGINE_CMD_BASE+3 ++ + static const ENGINE_CMD_DEFN tpm_cmd_defns[] = { + {TPM_CMD_SO_PATH, + "SO_PATH", +@@ -119,6 +124,10 @@ + "SECRET_MODE", + "The TSS secret mode for all secrets", + ENGINE_CMD_FLAG_NUMERIC}, ++ {TPM_CMD_QUOTE, ++ "QUOTE", ++ "Perform a TPM_Quote() with the given structure", ++ ENGINE_CMD_FLAG_NUMERIC}, + {0, NULL, NULL, 0} + }; + +@@ -201,6 +210,11 @@ + static unsigned int (*p_tspi_Policy_SetSecret)(); + static unsigned int (*p_tspi_Policy_AssignToObject)(); + ++/* Added by c.hol...@sirrix.com */ ++static unsigned int (*p_tspi_PcrComposite_SelectPcrIndex)(); ++static unsigned int (*p_tspi_TPM_Quote)(); ++static unsigned int (*p_tspi_NV_ReadValue)(); ++ + /* This internal function is used by ENGINE_tpm() and possibly by the + * "dynamic" ENGINE support too */ + static int bind_helper(ENGINE * e) +@@ -255,6 +269,9 @@ + UINT32 authusage; + BYTE *auth; + ++ /* Added by c.hol...@sirrix.com */ ++ BYTE well_known[TPM_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; ++ + if (hSRK != NULL_HKEY) { + DBGFN("SRK is already loaded."); + return 1; +@@ -300,25 +317,33 @@ + return 0; + } + +- if ((auth = calloc(1, 128)) == NULL) { +- TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) { +- p_tspi_Context_CloseObject(hContext, hSRK); +- free(auth); +- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); +- } ++ /* c.hol...@sirrix.com: If the UI method is NULL, use TSS_WELL_KNOWN_SECRET */ ++ if (ui) { ++ if ((auth = calloc(1, 128)) == NULL) { ++ TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + +- /* secret_mode is a global that may be set by engine ctrl +- * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ +- if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode, +- strlen((char *)auth), auth))) { +- p_tspi_Context_CloseObject(hContext, hSRK); +- free(auth); +- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); +- return 0; ++ if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) { ++ p_tspi_Context_CloseObject(hContext, hSRK); ++ free(auth); ++ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); ++ } ++ /* secret_mode is a global that may be set by engine ctrl ++ * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ ++ if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode, ++ strlen((char *)auth), auth))) { ++ p_tspi_Context_CloseObject(hContext, hSRK); ++ free(auth); ++ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ } else { ++ if (result = p_tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known)) { ++ p_tspi_Context_CloseObject(hContext, hSRK); ++ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); ++ return 0; ++ } + } + + free(auth); +@@ -363,6 +388,12 @@ + void (*p22) (); + void (*p23) (); + void (*p24) (); ++ ++ /* Added by c.hol...@sirrix.com */ ++ void (*p25) (); ++ void (*p26) (); ++ void (*p27) (); ++ + TSS_RESULT result; + + DBG("%s", __FUNCTION__); +@@ -400,6 +431,12 @@ + !(p21 = DSO_bind_func(tpm_dso, TPM_F_Context_GetTpmObject)) || + !(p22 = DSO_bind_func(tpm_dso, TPM_F_GetAttribUint32)) || + !(p23 = DSO_bind_func(tpm_dso, TPM_F_SetAttribData)) || ++ ++ /* Added by c.hol...@sirrix.com */ ++ !(p25 = DSO_bind_func(tpm_dso, TPM_F_TPM_Quote)) || ++ !(p26 = DSO_bind_func(tpm_dso, TPM_F_PcrComposite_SelectPcrIndex)) || ++ !(p27 = DSO_bind_func(tpm_dso, TPM_F_NV_ReadValue)) || ++ + !(p24 = DSO_bind_func(tpm_dso, TPM_F_Policy_AssignToObject)) + ) { + TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE); +@@ -432,6 +469,11 @@ + p_tspi_SetAttribData = (unsigned int (*) ()) p23; + p_tspi_Policy_AssignToObject = (unsigned int (*) ()) p24; + ++ /* Added by c.hol...@sirrix.com */ ++ p_tspi_TPM_Quote = (unsigned int (*) ()) p25; ++ p_tspi_PcrComposite_SelectPcrIndex = (unsigned int (*) ()) p26; ++ p_tspi_NV_ReadValue = (unsigned int (*) ()) p27; ++ + if ((result = p_tspi_Context_Create(&hContext))) { + TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE); + goto err; +@@ -487,6 +529,11 @@ + p_tspi_TPM_StirRandom = NULL; + p_tspi_TPM_GetRandom = NULL; + ++ /* Added by c.hol...@sirrix.com */ ++ p_tspi_TPM_Quote = NULL; ++ p_tspi_PcrComposite_SelectPcrIndex = NULL; ++ p_tspi_NV_ReadValue = NULL; ++ + return 0; + } + +@@ -612,6 +659,55 @@ + return 1; + } + ++/* ++ * Read a keyblob from NVRAM into an OpenSSL memory BIO ++ * by Christian Holler (c.hol...@sirrix.com), Sirrix AG ++ */ ++int BIO_from_nvram(unsigned int index, unsigned int length, BIO** bio) ++{ ++ TSS_RESULT result; ++ TSS_HNVSTORE hNVStore; ++ BYTE *dataRead = NULL; ++ ++ //unsigned int blobLength = 559; ++ ++ BIO *mem = BIO_new(BIO_s_mem()); ++ ++ /* Create TPM NV object */ ++ result = p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, ++ &hNVStore); ++ ++ if (result != TSS_SUCCESS) { ++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, ++ TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ ++ /* Set the index to be read */ ++ result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0, ++ (UINT32) index); ++ ++ if (result != TSS_SUCCESS) { ++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, ++ TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ ++ result = p_tspi_NV_ReadValue(hNVStore, 0, &length, &dataRead); ++ BIO_write(mem, dataRead, length); ++ p_tspi_Context_FreeMemory(hContext, dataRead); ++ ++ if (result != TSS_SUCCESS ) { ++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM, ++ TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ ++ *bio = mem; ++ ++ return 1; ++} ++ + static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, + UI_METHOD *ui, void *cb_data) + { +@@ -627,7 +723,7 @@ + + DBG("%s", __FUNCTION__); + +- if (!key_id) { ++ if (!key_id && !cb_data) { + TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } +@@ -637,10 +733,21 @@ + return NULL; + } + +- if ((bf = BIO_new_file(key_id, "r")) == NULL) { +- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, +- TPM_R_FILE_NOT_FOUND); +- return NULL; ++ if (cb_data) { ++ struct nvram_request *nvreq = cb_data; ++ ++ if (!BIO_from_nvram(nvreq->index, nvreq->length, &bf)) { ++ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ++ TPM_R_NVRAM_FAILED); ++ return NULL; ++ } ++ } else { ++ ++ if ((bf = BIO_new_file(key_id, "r")) == NULL) { ++ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ++ TPM_R_FILE_NOT_FOUND); ++ return NULL; ++ } + } + retry: + if ((rc = BIO_read(bf, &blob_buf[0], 4096)) < 0) { +@@ -746,6 +853,8 @@ + return NULL; + } + ++ EVP_PKEY_assign_RSA(pkey, rsa); ++ + return pkey; + } + +@@ -782,6 +891,70 @@ + return 1; + } + ++static int tpm_quote(void* p) { ++ TSS_RESULT result; ++ TSS_HPCRS hPcrComposite; ++ TSS_VALIDATION tssVal; ++ ++ unsigned int i = 0; ++ ++ struct quote_request *request = p; ++ ++ struct rsa_app_data *app_data = RSA_get_ex_data(request->rsa, ex_app_data); ++ ++ /* No app_data, this is not a TPM Key and we cannot use it for quote */ ++ if (!app_data) { ++ return 0; ++ } ++ ++ /* Key is invalid */ ++ if (app_data->hKey == NULL_HKEY) { ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY); ++ return 0; ++ } ++ ++ /* Set up PcrComposite Structure, this is a set ++ * of PCRs which will be used for the quote */ ++ result = ++ p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, ++ TSS_PCRS_STRUCT_INFO, &hPcrComposite); ++ if (result != TSS_SUCCESS) { ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ ++ /* Add all PCR values to be used to PcrComposite structure */ ++ for (i = 0; i < request->PCRSelLength; i++) { ++ if (request->PCRSel[i]) { ++ result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i); ++ ++ if (result != TSS_SUCCESS) { ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ } ++ } ++ ++ /* Set the nonce */ ++ tssVal.rgbExternalData = request->nonce; ++ tssVal.ulExternalDataLength = SHA_DIGEST_LENGTH; ++ ++ result = p_tspi_TPM_Quote(hTPM, app_data->hKey, hPcrComposite, &tssVal); ++ ++ if (result != TSS_SUCCESS) { ++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED); ++ return 0; ++ } ++ ++ request->rgbData = tssVal.rgbData; ++ request->ulValidationDataLength = tssVal.ulValidationDataLength; ++ request->rgbValidationData = tssVal.rgbValidationData; ++ ++ p_tspi_Context_CloseObject(hContext, hPcrComposite); ++ ++ return 1; ++} ++ + static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ()) + { + int initialised = ((tpm_dso == NULL) ? 0 : 1); +@@ -820,6 +993,8 @@ + return 1; + case TPM_CMD_PIN: + return tpm_create_srk_policy(p); ++ case TPM_CMD_QUOTE: ++ return tpm_quote(p); + default: + break; + } +@@ -1104,7 +1279,12 @@ + } + + if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { +- if (flen != SHA_DIGEST_LENGTH) { ++ /* c.hol...@sirrix.com: Ugly hack, OpenSSL passes PKCS1v1.5 wrapped hash, ++ * original SHA1 is last 20 bytes */ ++ if (flen == SHA_DIGEST_LENGTH+15) { ++ from += 15; ++ flen = SHA_DIGEST_LENGTH; ++ } else if (flen != SHA_DIGEST_LENGTH) { + TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE); + return 0; + } diff --git a/security/openssl_tpm_engine/files/patch-e_tpm.h b/security/openssl_tpm_engine/files/patch-e_tpm.h new file mode 100644 index 000000000000..034bb5e0a1d9 --- /dev/null +++ b/security/openssl_tpm_engine/files/patch-e_tpm.h @@ -0,0 +1,47 @@ +http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com + +--- e_tpm.h.orig 2006-08-04 04:22:05.000000000 +0900 ++++ e_tpm.h 2010-10-31 23:46:45.913856850 +0900 +@@ -74,6 +74,8 @@ + #define TPM_F_TPM_FILL_RSA_OBJECT 116 + #define TPM_F_TPM_ENGINE_GET_AUTH 117 + #define TPM_F_TPM_CREATE_SRK_POLICY 118 ++#define TPM_F_TPM_BIO_FROM_NVRAM 119 ++#define TPM_F_TPM_QUOTE 120 + + /* Reason codes. */ + #define TPM_R_ALREADY_LOADED 100 +@@ -104,6 +106,7 @@ + #define TPM_R_ID_INVALID 125 + #define TPM_R_UI_METHOD_FAILED 126 + #define TPM_R_UNKNOWN_SECRET_MODE 127 ++#define TPM_R_NVRAM_FAILED 128 + + /* structure pointed to by the RSA object's app_data pointer */ + struct rsa_app_data +@@ -115,6 +118,25 @@ + UINT32 sigScheme; + }; + ++/* Added by c.hol...@sirrix.com */ ++struct quote_request ++{ ++ RSA* rsa; ++ unsigned int PCRSel[256]; ++ unsigned int PCRSelLength; ++ const unsigned char* nonce; ++ unsigned int nonceLen; ++ unsigned char* rgbData; ++ unsigned int ulValidationDataLength; ++ unsigned char* rgbValidationData; ++}; ++ ++struct nvram_request ++{ ++ unsigned int index; ++ unsigned int length; ++}; ++ + #define TPM_ENGINE_EX_DATA_UNINIT -1 + #define RSA_PKCS1_OAEP_PADDING_SIZE (2 * SHA_DIGEST_LENGTH + 2) + diff --git a/security/openssl_tpm_engine/files/patch-e_tpm_err.c b/security/openssl_tpm_engine/files/patch-e_tpm_err.c new file mode 100644 index 000000000000..847c6a115388 --- /dev/null +++ b/security/openssl_tpm_engine/files/patch-e_tpm_err.c @@ -0,0 +1,20 @@ +http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com + +--- e_tpm_err.c.orig 2005-10-06 04:02:16.000000000 +0900 ++++ e_tpm_err.c 2010-10-31 23:44:32.217860972 +0900 +@@ -246,6 +246,7 @@ + {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, + {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, + {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, ++ {ERR_PACK(0, TPM_F_TPM_BIO_FROM_NVRAM, 0), "TPM_BIO_FROM_NVRAM"}, + {0, NULL} + }; + +@@ -276,6 +277,7 @@ + {TPM_R_FILE_READ_FAILED, "failed reading the key file"}, + {TPM_R_ID_INVALID, "engine id doesn't match"}, + {TPM_R_UI_METHOD_FAILED, "ui function failed"}, ++ {TPM_R_NVRAM_FAILED, "nvram failure"}, + {0, NULL} + }; + diff --git a/security/openssl_tpm_engine/files/patch-openssl.cnf.sample b/security/openssl_tpm_engine/files/patch-openssl.cnf.sample new file mode 100644 index 000000000000..b871fe4c1d86 --- /dev/null +++ b/security/openssl_tpm_engine/files/patch-openssl.cnf.sample @@ -0,0 +1,11 @@ +--- openssl.cnf.sample.orig 2005-09-30 00:02:58.000000000 +0900 ++++ openssl.cnf.sample 2010-11-07 00:53:39.968569790 +0900 +@@ -18,7 +18,7 @@ + foo = tpm_section + + [tpm_section] +-dynamic_path = /usr/local/ssl/lib/engines/libtpm.so ++dynamic_path = %%PREFIX%%/lib/openssl/engines/libtpm.so + engine_id = tpm + default_algorithms = ALL + #default_algorithms = RAND,RSA diff --git a/security/openssl_tpm_engine/files/pkg-message.in b/security/openssl_tpm_engine/files/pkg-message.in new file mode 100644 index 000000000000..4947c3aa6917 --- /dev/null +++ b/security/openssl_tpm_engine/files/pkg-message.in @@ -0,0 +1,17 @@ +A sample openssl.cnf was copied to + %%PREFIX%%/share/examples/tpm/openssl.cnf.sample + +To use 'tpm' openssl engine, please add above sample configuration +to /etc/ssl/openssl.cnf. + +If you setup tpm engine to openssl.cnf, please start always tcsd +daemon (ports/security/trousers), or many applications using openssl +like sshd/httpd doesn't work soon / you get following messages like: + +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +Auto configuration failed +65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484: +65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161: +65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, name=default_algorithms, value=ALL +65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/security/openssl_tpm_engine/pkg-descr b/security/openssl_tpm_engine/pkg-descr new file mode 100644 index 000000000000..d66288fd837d --- /dev/null +++ b/security/openssl_tpm_engine/pkg-descr @@ -0,0 +1,3 @@ +This package contains 2 sets of code, a command-line utility used to +generate a TSS key blob and write it to disk and an OpenSSL engine +which interfaces with the TSS API. diff --git a/security/openssl_tpm_engine/pkg-plist b/security/openssl_tpm_engine/pkg-plist new file mode 100644 index 000000000000..c582078ae570 --- /dev/null +++ b/security/openssl_tpm_engine/pkg-plist @@ -0,0 +1,9 @@ +bin/create_tpm_key +lib/openssl/engines/libtpm.a +lib/openssl/engines/libtpm.la +lib/openssl/engines/libtpm.so +lib/openssl/engines/libtpm.so.0 +%%EXAMPLESDIR%%/openssl.cnf.sample +@dirrm lib/openssl/engines +@dirrm lib/openssl +@dirrm %%EXAMPLESDIR%%